Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/1YFeD7mn7QrDQOvTEN1t9ZOs6k0.roa
File:                     1YFeD7mn7QrDQOvTEN1t9ZOs6k0.roa (raw, json)
Hash identifier:          j0qLfKmgPCpfZfbA+Gd8d4ZShBgrSP1hxKACVI1WLzg=
Subject key identifier:   D5:81:5E:0F:B9:A7:ED:0A:C3:40:EB:D3:10:DD:6D:F5:93:AC:EA:4D
Certificate issuer:       /CN=d09363cfebbbf92a51e428533d3e8ad412aa3374
Certificate serial:       17B8BB38
Authority key identifier: D0:93:63:CF:EB:BB:F9:2A:51:E4:28:53:3D:3E:8A:D4:12:AA:33:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/1YFeD7mn7QrDQOvTEN1t9ZOs6k0.roa
Signing time:             Sat 01 Jan 2022 12:04:13 +0000
ROA not before:           Sat 01 Jan 2022 12:04:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12779
IP address blocks:        195.238.235.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 397982520 (0x17b8bb38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09363cfebbbf92a51e428533d3e8ad412aa3374
        Validity
            Not Before: Jan  1 12:04:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d5815e0fb9a7ed0ac340ebd310dd6df593acea4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ad:b7:73:49:78:93:09:16:8d:6e:2b:ae:1d:
                    64:4e:e2:1a:03:1b:00:c4:05:5e:3e:5c:d2:bf:eb:
                    fa:96:13:aa:f6:31:f7:c0:27:94:66:35:fe:1a:fd:
                    18:74:58:5d:74:b3:1e:6f:f2:04:ea:85:34:40:a9:
                    b6:e8:0d:d0:5f:e8:fe:12:15:dd:0e:64:7d:be:eb:
                    22:1a:fe:c6:a6:62:4c:a4:ce:cf:f9:ea:59:b8:02:
                    90:c7:db:fb:31:65:cd:f7:50:95:d5:d9:98:a6:21:
                    45:8d:3b:7a:ec:b2:1d:96:fe:b6:0f:e7:98:7f:ad:
                    29:36:23:61:64:56:bb:7c:ad:50:73:fc:d9:fa:07:
                    94:96:5f:1c:cb:72:24:5d:82:31:ee:ca:10:e5:12:
                    40:09:c8:d2:d5:5f:2f:0a:5e:d9:4d:80:c1:d0:da:
                    a2:15:cd:8e:82:3e:ad:9b:10:53:a1:9a:0f:6f:24:
                    80:d0:3a:3b:36:f8:13:bf:da:4d:f3:00:d9:dc:0d:
                    e4:be:c3:71:78:d2:48:39:36:3b:97:52:51:4e:16:
                    7a:63:8d:2d:cd:f4:3e:bd:0e:e5:ab:b5:1b:7f:ed:
                    b4:69:d8:7b:c7:04:d7:83:2b:54:6e:57:88:c6:ba:
                    3e:73:34:9c:e5:7c:84:47:f5:0c:c0:14:64:0d:95:
                    5a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:81:5E:0F:B9:A7:ED:0A:C3:40:EB:D3:10:DD:6D:F5:93:AC:EA:4D
            X509v3 Authority Key Identifier:
                keyid:D0:93:63:CF:EB:BB:F9:2A:51:E4:28:53:3D:3E:8A:D4:12:AA:33:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/1YFeD7mn7QrDQOvTEN1t9ZOs6k0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:7c:d4:73:60:d1:aa:b7:2d:35:c6:04:37:5d:5f:a3:62:f5:
         d3:14:9c:94:b6:05:25:e8:7f:e5:3e:08:0f:c7:3f:ab:b6:a5:
         6f:83:5f:7b:16:fe:cb:05:a8:92:f3:a8:8c:86:77:ab:19:f4:
         1c:28:88:45:e8:c3:c3:fd:c3:aa:8d:0c:66:9f:88:64:bd:83:
         97:d1:08:eb:db:0d:1f:4f:9c:5c:b9:19:d1:ad:37:0f:c7:49:
         fc:77:2a:66:be:54:b0:09:10:7d:cb:7d:22:49:5b:44:e4:8d:
         6e:0e:7d:71:1a:4a:e4:c8:34:ae:e2:75:34:b4:6f:20:4c:10:
         6a:fb:d8:31:1d:6f:f1:34:87:f1:71:23:13:68:14:0d:a6:25:
         ce:d3:ed:97:af:b6:72:85:7b:16:f3:55:ed:ab:49:e8:6f:bc:
         41:2a:77:e6:7e:1f:f6:36:94:8d:91:da:0b:9b:3b:0e:12:4c:
         69:be:59:fd:e0:78:29:d6:0a:38:2d:67:60:55:0c:cc:2e:20:
         05:e9:19:d1:c8:bd:3a:c1:f9:66:5f:bc:ce:5c:68:08:37:48:
         4d:7b:b5:3e:74:b4:af:02:10:f6:12:49:08:4d:cd:a7:81:b5:
         70:d9:26:be:91:36:7d:34:07:8e:0b:39:1d:47:98:ba:31:93:
         0d:97:b5:aa
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF7i7ODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MDkzNjNjZmViYmJmOTJhNTFlNDI4NTMzZDNlOGFkNDEyYWEzMzc0MB4XDTIyMDEw
MTEyMDQxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDU4MTVlMGZiOWE3
ZWQwYWMzNDBlYmQzMTBkZDZkZjU5M2FjZWE0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANitt3NJeJMJFo1uK64dZE7iGgMbAMQFXj5c0r/r+pYTqvYx
98AnlGY1/hr9GHRYXXSzHm/yBOqFNECptugN0F/o/hIV3Q5kfb7rIhr+xqZiTKTO
z/nqWbgCkMfb+zFlzfdQldXZmKYhRY07euyyHZb+tg/nmH+tKTYjYWRWu3ytUHP8
2foHlJZfHMtyJF2CMe7KEOUSQAnI0tVfLwpe2U2AwdDaohXNjoI+rZsQU6GaD28k
gNA6Ozb4E7/aTfMA2dwN5L7DcXjSSDk2O5dSUU4WemONLc30Pr0O5au1G3/ttGnY
e8cE14MrVG5XiMa6PnM0nOV8hEf1DMAUZA2VWpkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTVgV4PuaftCsNA69MQ3W31k6zqTTAfBgNVHSMEGDAWgBTQk2PP67v5KlHk
KFM9PorUEqozdDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBKTmp6LXU3LVNwUjVDaFRQVDZLMUJLcU0zUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzYvMDgxNjRhLTg4MjEtNDdjMS1iZDQ4LTVmOWU0ODJmMWJmNC8x
LzFZRmVEN21uN1FyRFFPdlRFTjF0OVpPczZrMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYv
MDgxNjRhLTg4MjEtNDdjMS1iZDQ4LTVmOWU0ODJmMWJmNC8xLzBKTmp6LXU3LVNw
UjVDaFRQVDZLMUJLcU0zUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMPu6zANBgkqhkiG9w0BAQsFAAOC
AQEAKnzUc2DRqrctNcYEN11fo2L10xSclLYFJeh/5T4ID8c/q7alb4Nfexb+ywWo
kvOojIZ3qxn0HCiIRejDw/3Dqo0MZp+IZL2Dl9EI69sNH0+cXLkZ0a03D8dJ/Hcq
Zr5UsAkQfct9IklbROSNbg59cRpK5Mg0ruJ1NLRvIEwQavvYMR1v8TSH8XEjE2gU
DaYlztPtl6+2coV7FvNV7atJ6G+8QSp35n4f9jaUjZHaC5s7DhJMab5Z/eB4KdYK
OC1nYFUMzC4gBekZ0ci9OsH5Zl+8zlxoCDdITXu1PnS0rwIQ9hJJCE3Np4G1cNkm
vpE2fTQHjgs5HUeYujGTDZe1qg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:18 2024 by rpki-client on console-fra.rpki-client.org